OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that ...

Oasis Security researchers find yet another security problem with the OpenClaw AI agent, with this one allowing malicious ...

Don't leave your OpenClaw with an easy password ...

OpenClaw is in the news again for another serious security issue. Security researchers from Oasis Security discovered a ...

A serious vulnerability in the open-source AI agent OpenClaw made it possible for arbitrary websites to take complete control ...

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw ...

The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid ...

幻觉问题会导致AI行为的不可预测性，即使是正常功能也可能在特定条件下失控。近期发生的一起真实事件印证了这一点：Meta的AI安全专家在使用OpenClaw整理邮箱时，该智能体无视连续三次的“停止”指令，疯狂删除了数百封邮件，充分展示了高权限AI在失控时的巨大破坏力。

A：ClawJacked是OpenClaw中的一个高严重性安全漏洞，允许恶意网站通过WebSocket连接到本地运行的AI智能体并接管控制权。攻击者可以通过暴力破解密码、注册为受信任设备，最终获得对AI智能体的完全控制权，包括转储配置数据、读取日志等 ...